+**[[Home|Back to homepage]]**
+== Forensic and data recovery ==
+=== For files ===
+ * **[[hachoir-subfile|hachoir-subfile]]**
+ * **[[|Photorec]]**: File header and footer database, tools to sort file by content (eg. using EXIF metadata)
+ * **[[|Scalpel]]**: fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is a fork of Foremost.
+ ** [[|Foremost]]: //console program to recover files based on their headers, footers, and internal data structures//
+ * [[|Magic Rescue]]: File header database, tools to recover file start (scripts using external program like gzip, mencoder, jpegtran, etc.)
+ * [[|anyfs-tools]]: UNIX-way toolset for recovering and converting filesystems for Linux OS
+ * **[[|Autopsy]]** Forensic Browser
+=== For file systems ===
+ * [[|TestDisk]] (//Christophe GRENIER//): recover lost partitions and make non-booting disks bootable again
+ * parted
+ * EXT2/EXT3: [[|ext3rminator]] (//Mike Hommey//)
+ * EXT2/EXT3: [[|giis]] (//giis-get it i say//)
+ * [[|ddrescue]] (//Antonio Diaz//): special version of dd (copy from a device to a file), specific to read damaged hard drives. Try also [[|dd_rescue]] by //Kurt Garloff//.
+=== For file and file systems ===
+ * [[|The Sleuth Kit]]
+ * [[|The Coroner's Toolkit (TCT)]]
+=== For memory ===
+ * [[MemoryDump|Forensics on memory dump]]
+ * [[|Komoku Forensics]]
+== Forensics websites ==
+ * [[|]]: Great directory of forensics tools
+ * [[|Digital Forensic Research Workshop (DFRWS)]]
+ * [[|]]: Windows programs (PE) reverge engineering
+ * [[|]] : //Linux Forensics// and //FCCU GNU/Linux Forensic Boot CD//
+== See also ==
+ * [[ReverseEngineering|Reverse engineering]]
